1 --- misc/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
2 +++ misc/build/xmlsec1-1.2.14/src/mscrypto/x509vfy.c 2009-09-23 10:01:07.237316078 +0200
4 CertFreeCertificateContext(nextCert);
7 - if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
10 + /* JL: OpenOffice.org implements its own certificate verification routine.
11 + The goal is to separate validation of the signature
12 + and the certificate. For example, OOo could show that the document signature is valid,
13 + but the certificate could not be verified. If we do not prevent the verification of
14 + the certificate by libxmlsec and the verification fails, then the XML signature will not be
15 + verified. This would happen, for example, if the root certificate is not installed.
17 +/* if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
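Review bot: Commenting out the `xmlSecMSCryptoX509StoreConstructCertsChain` condition removes chain validation for every consumer of this patched library, not only for the path where the application verifies the certificate itself; the NSS section of this patch has the same effect. The added comment explains the motivation but not the resulting contract, so it should say so explicitly, e.g. `/* NOTE: the certificate returned here is NOT chain-verified; the caller must validate it before trusting the signer. */`. The replacement condition and the rest of the function are not visible here, so it should be confirmed what, if anything, still gates the selected certificate. Making the bypass depend on an explicit per-context opt-in would be safer than leaving the original check as dead commented-out code.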
23 --- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:06:52.989793254 +0200
24 +++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-23 10:05:03.183042205 +0200
29 - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
31 - (SECCertificateUsage)0,
32 - timeboundary , NULL, NULL, NULL);
33 - if (status == SECSuccess) {
38 + JL: OpenOffice.org implements its own certificate verification routine.
39 + The goal is to separate validation of the signature
40 + and the certificate. For example, OOo could show that the document signature is valid,
41 + but the certificate could not be verified. If we do not prevent the verification of
42 + the certificate by libxmlsec and the verification fails, then the XML signature may not be
43 + verified. This would happen, for example, if the root certificate is not installed.
45 + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
47 + (SECCertificateUsage)0,
48 + timeboundary , NULL, NULL, NULL);
49 + if (status == SECSuccess) {
54 + status = SECSuccess;
59 if (status == SECSuccess) {
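Review bot: The unconditional `status = SECSuccess;` skips everything `CERT_VerifyCertificate` checked, including the validity period passed as `timeboundary`, while the comment only justifies tolerating a missing root certificate. With the status forced, the `if (status == SECSuccess)` that follows is always taken, and any failure handling after it appears to become unreachable (the rest of the function lies outside the visible lines). The comment should state this scope, e.g. `/* Trust and validity period are NOT checked here; the caller must verify the certificate before relying on the key. */`. The disabled call would also be easier to audit under `#if 0` than embedded in a prose comment.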